-{ lib, pkgs, config, ... }:
+{ lib, pkgs, config, nixpkgsRaw, etherpad-lite, ... }:
let
env = config.myEnv.tools.etherpad-lite;
cfg = config.myServices.websites.tools.etherpad-lite;
# Make sure we’re not rebuilding whole libreoffice just because of a
# dependency
- libreoffice = (import <nixpkgs> { overlays = []; }).libreoffice-fresh;
+ libreoffice = nixpkgsRaw.libreoffice-fresh;
ecfg = config.services.etherpad-lite;
in {
options.myServices.websites.tools.etherpad-lite = {
};
config = lib.mkIf cfg.enable {
+ myServices.dns.zones."immae.eu".subdomains.ether =
+ with config.myServices.dns.helpers; ips servers.eldiron.ips.main;
+
+ myServices.chatonsProperties.services.etherpad = {
+ file.datetime = "2021-01-04T00:01:00";
+ service = {
+ name = "Etherpad";
+ description = "Éditeur de texte collaboratif en temps réel. on peut y écrire simultanément.";
+ website = "https://ether.immae.eu";
+ logo = "https://ether.immae.eu/favicon.ico";
+ status.level = "OK";
+ status.description = "OK";
+ registration."" = ["NONE" "MEMBER" "CLIENT"];
+ registration.load = "OPEN";
+ install.type = "PACKAGE";
+ };
+ software = {
+ name = "Etherpad";
+ website = "https://etherpad.org/";
+ license.url = "https://github.com/ether/etherpad-lite/blob/develop/LICENSE";
+ license.name = "Apache License Version 2.0";
+ version = ecfg.package.version;
+ source.url = "https://github.com/ether/etherpad-lite";
+ modules = ecfg.package.moduleNames;
+ };
+ };
secrets.keys = {
"webapps/tools-etherpad-apikey" = {
permissions = "0400";
};
"webapps/tools-etherpad" = {
permissions = "0400";
+ keyDependencies = [ libreoffice ];
text = ''
{
"title": "Etherpad",
"requireSession" : false,
"editOnly" : false,
"sessionNoPassword" : false,
- "minify" : true,
+ "minify" : false,
"maxAge" : 21600,
"abiword" : null,
"soffice" : "${libreoffice}/bin/soffice",
"allowUnknownFileEnds" : true,
"requireAuthentication" : false,
"requireAuthorization" : false,
- "trustProxy" : false,
+ "trustProxy" : true,
"disableIPlogging" : false,
"automaticReconnectionTimeout" : 0,
"scrollWhenFocusLineIsOutOfViewport": {
};
services.etherpad-lite = {
enable = true;
- package = pkgs.webapps.etherpad-lite.withModules (p: [
+ package = etherpad-lite.withModules (p: [
p.ep_align p.ep_bookmark p.ep_colors p.ep_comments_page
p.ep_cursortrace p.ep_delete_empty_pads p.ep_embedmedia
p.ep_font_size p.ep_headings2 p.ep_immae_buttons p.ep_ldapauth
};
systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
+ systemd.services.etherpad-lite-cleanup.serviceConfig.SupplementaryGroups = "keys";
# Needed so that they get in the closure
systemd.services.etherpad-lite.path = [ libreoffice pkgs.html-tidy ];
services.websites.env.tools.modules = [
"headers" "proxy" "proxy_http" "proxy_wstunnel"
];
+ security.acme.certs.eldiron.extraDomainNames = [ "ether.immae.eu" ];
services.websites.env.tools.vhostConfs.etherpad-lite = {
certName = "eldiron";
- addToCerts = true;
hosts = [ "ether.immae.eu" ];
root = null;
extraConfig = [ ''
RewriteEngine On
- RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" config.myEnv.tools.etherpad-lite.redirects}"
- RewriteCond %{QUERY_STRING} "!noredirect"
- RewriteCond %{REQUEST_URI} "^(.*)$"
- RewriteCond ''${redirects:$1|Unknown} "!Unknown"
- RewriteRule "^(.*)$" ''${redirects:$1} [L,NE,R=301,QSD]
-
RewriteCond %{REQUEST_URI} ^/socket.io [NC]
RewriteCond %{QUERY_STRING} transport=websocket [NC]
RewriteRule /(.*) unix://${ecfg.sockets.node}|ws://ether.immae.eu/$1 [P,NE,QSA,L]
</IfModule>
'' ];
};
+ myServices.monitoring.fromMasterActivatedPlugins = [ "http" ];
+ myServices.monitoring.fromMasterObjects.service = [
+ {
+ service_description = "etherpad website is running on ether.immae.eu";
+ host_name = config.hostEnv.fqdn;
+ use = "external-web-service";
+ check_command = ["check_https" "ether.immae.eu" "/" "<title>Etherpad"];
+
+ servicegroups = "webstatus-webapps";
+ _webstatus_name = "Etherpad";
+ _webstatus_url = "https://ether.immae.eu/";
+ }
+ ];
};
}
projects / perso / Immae / Config / Nix.git / blobdiff